package com.briup.jdbc;

import org.junit.Test;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

public class LoginTest {
    // 登陆测试 -> 查询语句
    @Test
    public void login() throws Exception{
        var driver = "com.mysql.cj.jdbc.Driver";
        var url = "jdbc:mysql://192.168.179.11:3306/briup";
        var user = "root";
        var password = "root";

        // sql注入，第一种情况
//        var username = "admin";
//        var userpwd = "' or '1'='1";
        // sql注入，第二种情况
        var username = "' or '1'='1'; -- ";
        var userpwd = "aaa";

        Class.forName(driver);
        Connection conn = DriverManager.getConnection(url, user, password);
        Statement statement = conn.createStatement();
//        String sql = """
//                     select count(*) from t_user
//                     where name='admin' and password='admin'
//                     """;
        String sql = "select count(*) " +
                     "from t_user " +
                     "where name='"+username+"' " +
                     "and password='"+userpwd+"'";
        ResultSet resultSet = statement.executeQuery(sql);
        resultSet.next();
        int count = resultSet.getInt(1);
        if(count==0){
            System.out.println("登陆失败");
        }else {
            System.out.println("登陆成功");
        }
        statement.close();
        conn.close();
    }
}
